@nlvw
Created February 14, 2023 23:00
WSL2 VPNKit Install and auto stop/start with Cisco Anyconnect
#Requires -Version 5.1
param (
    [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$WSLPath
)
# Validate Windows 11
if (!((Get-ComputerInfo | Select-Object -expand OsName) -match 11)) {
    Write-Host -ForegroundColor Red "Windows 11 is Required!"
    exit 11
}
# Ensure Not Running As Admin
if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Host -ForegroundColor Red "Don't Run This Script From Admin Powershell!"
    exit 22
}
# Validate WSL Path
if (!(Test-Path "$WSLPath")) {
    Write-Host -ForegroundColor Red "'WSLPath' '$WSLPath' Doesn't Exist! Stopping!!"
    exit 33
}
# Ensure tarballs directory
$tarballs = "$WSLPath/tarballs"
if (!(Test-Path "$tarballs")) {
    New-Item -Path "$tarballs" -ItemType Directory -ErrorAction Stop 1>$null
}
# Ensure distros directory
$distros = "$WSLPath/distros"
if (!(Test-Path "$distros")) {
    New-Item -Path "$distros" -ItemType Directory -ErrorAction Stop 1>$null
}
# Set Tarball Information
$tarball_url = "https://github.com/sakai135/wsl-vpnkit/releases/latest/download/wsl-vpnkit.tar.gz"
$tarball = "$tarballs\wsl-vpnkit.tar.gz"
# Download Tarball
Invoke-WebRequest -Uri "$tarball_url" -OutFile "$tarball"
# Set Name
$Name="wsl-vpnkit"
# Stop/Unregister Existing
wsl --terminate "$Name" 1>$null
Start-Sleep -Seconds 15
wsl --unregister "$Name" 1>$null
# Import Tarball
wsl --import "$Name" "$Distros/$Name" "$tarball"
# Create Start Scheduled Task
$Action = New-ScheduledTaskAction -Execute 'wsl.exe' -Argument "-d $Name --cd /app service wsl-vpnkit start"
$CIMTriggerClass = Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace Root/Microsoft/Windows/TaskScheduler:MSFT_TaskEventTrigger
$Trigger = New-CimInstance -CimClass $CIMTriggerClass -ClientOnly
$Trigger.Subscription =
@"
<QueryList><Query Id="0" Path="Cisco AnyConnect Secure Mobility Client"><Select Path="Cisco AnyConnect Secure Mobility Client">*[System[Provider[@Name='acvpnagent'] and EventID=2039]]</Select></Query></QueryList>
"@
$Trigger.Enabled = $True
$Settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Compatibility Win8 -DontStopIfGoingOnBatteries -MultipleInstances IgnoreNew -DontStopOnIdleEnd -ExecutionTimeLimit '00:15:00'
Register-ScheduledTask -Action $Action -Trigger $Trigger -Settings $Settings -TaskName "wsl-vpnkit_start" -Description 'Start WSL VPNKit' -User "$env:USERNAME" -Force
# Create Stop Scheduled Task
$Action = New-ScheduledTaskAction -Execute 'wsl.exe' -Argument "-d $Name --cd /app service wsl-vpnkit stop"
$CIMTriggerClass = Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace Root/Microsoft/Windows/TaskScheduler:MSFT_TaskEventTrigger
$Trigger = New-CimInstance -CimClass $CIMTriggerClass -ClientOnly
$Trigger.Subscription =
@"
<QueryList><Query Id="0" Path="Cisco AnyConnect Secure Mobility Client"><Select Path="Cisco AnyConnect Secure Mobility Client">*[System[Provider[@Name='acvpnagent'] and EventID=2037]]</Select></Query></QueryList>
"@
$Trigger.Enabled = $True
$Settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Compatibility Win8 -DontStopIfGoingOnBatteries -MultipleInstances IgnoreNew -DontStopOnIdleEnd -ExecutionTimeLimit '00:15:00'
Register-ScheduledTask -Action $Action -Trigger $Trigger -Settings $Settings -TaskName "wsl-vpnkit_stop" -Description 'Stop WSL VPNKit' -User "$env:USERNAME" -Force

nlvw commented Feb 14, 2023

This script will install https://github.com/sakai135/wsl-vpnkit which ensures that all WSL2 distros will have a working network connection when using a VPN. Furthermore, a scheduled task is set up to automatically start/stop the wsl-vpnkit when Cisco AnyConnect starts/stops.

The following assumptions are made:

  • OS is Windows 11
  • WSL is properly installed including all the required Windows features
  • WSL V2 is set as the default WSL version
  • You've created a directory you can write to.
    • This will store the downloaded OS tarball and the created WSL distro.
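
The script downloads the `releases/latest` tarball and imports it as a distro that the scheduled tasks then run, with no integrity check between download and import. The following is an added example, not part of the gist, of a SHA-256 check that could sit between those steps; `Assert-FileSha256`, its parameters and the sample file are assumptions, and the sample bytes are constructed so the block runs offline.

```powershell
# Added example, not part of the gist. Assert-FileSha256 and its parameters are hypothetical names.
function Assert-FileSha256 {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)][string]$Path,
        # Fail closed on anything that is not a 64-digit hex SHA-256 value
        [Parameter(Mandatory = $true)][ValidatePattern('^[0-9A-Fa-f]{64}$')][string]$ExpectedSha256
    )
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash
    if ($actual -ne $ExpectedSha256) {   # -ne on strings is case-insensitive
        # Delete the file so a later "wsl --import" cannot pick up unverified content
        Remove-Item -LiteralPath $Path -Force
        throw "SHA-256 mismatch for '$Path': expected $ExpectedSha256, got $actual"
    }
}

# Constructed sample standing in for the downloaded tarball (not a real wsl-vpnkit release)
$sample = Join-Path ([IO.Path]::GetTempPath()) 'constructed-sample.tar.gz'
[IO.File]::WriteAllBytes($sample, [Text.Encoding]::ASCII.GetBytes('constructed sample bytes'))

# In the gist this value would be recorded out of band for one pinned release tag,
# with $tarball_url pointing at that tag instead of releases/latest.
$pinned = (Get-FileHash -LiteralPath $sample -Algorithm SHA256).Hash

# Unmodified file: the check passes and execution continues
Assert-FileSha256 -Path $sample -ExpectedSha256 $pinned

# Simulate the content changing after the hash was pinned
Add-Content -LiteralPath $sample -Value 'modified'
try {
    Assert-FileSha256 -Path $sample -ExpectedSha256 $pinned
}
catch {
    Write-Host "Rejected: $($_.Exception.Message)"
}
Write-Host "File still present: $(Test-Path -LiteralPath $sample)"
```

In the gist the call would go between `Invoke-WebRequest` and `wsl --unregister`, so a failed check stops the script before the existing distro is removed.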
